The present invention relates to the field of intrusion management systems. In particular, the present invention provides for a self-cleansing intrusion management system that may be implemented using highly-available computing systems.
Computer systems are becoming more complex and are increasingly vulnerable to cyber warfare. Typical (traditional) Intrusion Management Systems (IMS) are based on intrusion prevention and detection followed by implementation of intrusion resistance procedures. The latter generally includes intrusion tracking, subsystem isolation and system recovery. Such an IMS approach relies heavily on the ability to detect intrusion events in the first place.
However, assuming that a system can always detect and block all intrusion activities quickly enough to avoid significant damage is inappropriate given the sophistication and rapid evolution of information warfare. This is especially true for critical distributed computing systems: to achieve the highest level of security, one must not be overconfident in either one's knowledge of enemy tactics and technologies or one's capability to fend off all attacks.
What is needed is a secure system that constantly assumes that it may be compromised and thus performs self-cleansing, regardless of whether intrusion alarms actually occur.